Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method to improve a file system monitoring system operating in association with plural file systems in an enterprise computing environment, comprising: probing the enterprise computing environment to discover the plural file systems; providing each of the plural file systems discovered with a software agent that runs locally in the file system to collect file system access activity local to the file system together with network segment traffic that is visible to the software agent; providing each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored and enforced at the file system by the software agent; receiving from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system by the software agent in accordance with the security policy, the audit trail data including any network segment traffic that is visible to the software agent, and one or more classifiers generated by the software agent to classify file system activity that involves sensitive data or application-specific details; and storing the audit trail data received from the plural file systems; and applying the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, taking a given action; wherein the security policies for the plural file systems are managed and applied centrally for the enterprise computing environment to provide an enterprise-wide view of monitoring and auditing of file system access for the plural file systems while file access activity is collected, enforced and classified locally by the software agent.
The invention relates to a file system monitoring system designed for enterprise computing environments with multiple file systems. The system addresses the challenge of centrally managing and auditing file access across distributed file systems while ensuring local enforcement of security policies. The method involves discovering file systems within the enterprise, deploying a software agent on each file system to monitor local file access activity and network traffic visible to the agent. Each file system is provided with a security policy that defines which access activities should be monitored and enforced. The agents collect audit trail data, including intercepted file access events, network traffic, and classifiers generated by the agent to identify sensitive data or application-specific details. This data is stored centrally, and the security policies are applied to the audit trails to trigger actions such as alerts or access restrictions. The system enables centralized management of security policies while maintaining local enforcement and classification of file access activities, providing an enterprise-wide view of monitoring and auditing.
2. The method as described in claim 1 further including sending the audit trail data to a central location remote from the plural file systems.
A system and method for managing and auditing file operations across multiple file systems involves tracking and recording file access and modification activities. The system monitors file operations such as reads, writes, deletions, and permissions changes within a distributed file system environment. Each file system generates an audit trail that logs these operations, including timestamps, user identities, and operation details. The audit trail data is collected and stored locally within each file system, ensuring that all file activities are documented for compliance and security purposes. To enhance centralized monitoring and analysis, the system further includes transmitting the audit trail data from each file system to a remote central location. This central repository aggregates audit logs from all distributed file systems, enabling comprehensive tracking and review of file operations across the entire network. The centralized approach simplifies compliance reporting, security audits, and forensic investigations by providing a unified view of file activities. This method ensures that all file operations are recorded and accessible for analysis, improving security and accountability in distributed file system environments.
3. The method as described in claim 1 wherein the given action is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity.
A method for monitoring and controlling file system access involves detecting unauthorized or suspicious access to file system resources and triggering predefined actions in response. The method identifies file system access events, evaluates them against security policies, and determines whether the access is permissible. When an access event violates a policy, the system performs a predefined action to mitigate the risk. These actions include issuing alerts to administrators, conducting audit activities to log and analyze the event, restricting access to the affected file system resource to prevent further unauthorized access, and generating reports on file system access activity for compliance or forensic purposes. The method ensures that file system security policies are enforced dynamically, reducing the risk of data breaches and unauthorized access. By automating responses to policy violations, the system enhances security without requiring constant manual oversight. The approach is particularly useful in environments where sensitive data is stored and access control is critical.
4. The method as described in claim 1 wherein the audit trail data is received continuously and in real-time with respect to the file system access activity.
The invention is a system and method for monitoring and recording file system access activity in real-time to enhance security and compliance. The invention addresses the need for continuous, real-time tracking of file system operations to detect unauthorized access, ensure data integrity, and meet regulatory requirements. The method involves capturing detailed audit trail data corresponding to file system access events, such as file reads, writes, deletions, or modifications. This data includes timestamps, user identities, file paths, and operation types, providing a comprehensive record of all file system interactions. The audit trail data is collected continuously and in real-time, ensuring immediate visibility into file system activity. The system may also analyze the collected data to identify suspicious patterns, generate alerts, or enforce access policies. By maintaining an up-to-date audit trail, the invention enables proactive threat detection, forensic investigations, and compliance reporting. The method supports integration with existing security frameworks and can be deployed across various operating systems and file storage environments. The real-time aspect ensures that security teams can respond promptly to potential breaches or policy violations, minimizing risks to sensitive data.
5. The method as described in claim 1 wherein the security policy provided to a first file system differs from the security policy provided to a second file system distinct from the first file system.
This invention relates to a system for managing security policies across multiple file systems. The problem addressed is the need to enforce different security policies on distinct file systems within a computing environment, ensuring that each file system operates under its own tailored security rules while maintaining overall system integrity. The method involves providing a first file system with a specific security policy and a second, distinct file system with a different security policy. The security policies define access controls, permissions, and other security parameters for each file system. The system ensures that the policies are applied independently, allowing for customized security configurations based on the requirements of each file system. This approach enables administrators to enforce stricter or more relaxed security measures depending on the sensitivity or usage of the data stored in each file system. The method may also include monitoring and enforcing compliance with the assigned policies to prevent unauthorized access or modifications. By differentiating security policies between file systems, the invention enhances flexibility and granularity in security management, reducing the risk of security breaches while accommodating diverse operational needs.
6. The method as described in claim 1 further including defining the security policy, the security policy having one or more file system-specific rules.
A system and method for managing security policies in a file system environment addresses the challenge of enforcing consistent and granular security controls across diverse file systems. The invention involves defining a security policy that includes one or more file system-specific rules, which are applied to regulate access, permissions, and operations within the file system. These rules can be tailored to different file systems, allowing for customized security measures based on the specific requirements of each system. The security policy may include conditions such as user authentication, file attributes, or system state, ensuring that access and modifications adhere to predefined security standards. By integrating these rules into the file system operations, the system enforces security policies dynamically, reducing the risk of unauthorized access or data breaches. The method ensures that security policies are consistently applied across multiple file systems, improving overall system security and compliance with regulatory requirements. The invention is particularly useful in environments where multiple file systems with varying security needs must be managed under a unified security framework.
7. The method as described in claim 6 wherein the given action taken is based on the one or more file system-specific rules.
A system and method for managing file operations in a computing environment involves processing file system events to determine whether a given action should be taken. The method monitors file system events, such as file creation, modification, or deletion, and applies predefined rules to determine the appropriate response. These rules are specific to the file system being used, ensuring compatibility and proper handling of system-specific behaviors. When an event occurs, the system evaluates the event against the rules to decide whether to take action, such as blocking the operation, logging the event, or triggering a secondary process. The rules may include conditions based on file attributes, user permissions, or system state, allowing for flexible and context-aware decision-making. This approach enhances security, compliance, and operational efficiency by automating responses to file system events according to predefined policies. The system ensures that actions are taken only when justified by the file system-specific rules, preventing unintended disruptions while maintaining control over file operations.
8. An apparatus, comprising: a processor; computer memory holding computer program instructions configured to improve a file system monitoring system operating in association with plural file systems in an enterprise computing environment, the computer program instructions comprising: program code to probe the enterprise computing environment to discover the plural file systems; program code providing each of the plural file systems discovered with a software agent that runs locally in the file system to collect file system access activity local to the file system together with network segment traffic that is visible to the software agent; program code providing each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored and enforced at the file system by the software agent; program code receiving from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system by the software agent in accordance with the security policy, the audit trail data including any network segment traffic that is visible to the software agent, and one or more classifiers generated by the software agent to classify file system activity that involves sensitive data or application-specific details; and program code storing the audit trail data received from the plural file systems; and program code applying the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, to take a given action; wherein the security policies for the plural file systems are managed and applied centrally for the enterprise computing environment to provide an enterprise-wide view of monitoring and auditing of file system access for the plural file systems while file access activity is collected, enforced and classified locally by the software agent.
The invention relates to a file system monitoring system for enterprise computing environments, addressing the challenge of centrally managing and auditing file system access across multiple distributed file systems. The system includes a processor and computer memory storing instructions to improve file system monitoring by probing the enterprise environment to discover multiple file systems. Each discovered file system is provided with a local software agent that collects file system access activity and network segment traffic visible to the agent. The system also assigns a security policy to each file system, defining which access activities should be monitored and enforced locally by the agent. The agents generate audit trail data as they intercept file system access, including network traffic and classifiers that categorize activity involving sensitive data or application-specific details. This audit data is centrally stored and analyzed against the security policies, triggering actions such as alerts or enforcement measures. The system ensures centralized policy management while allowing local collection, enforcement, and classification of file access activity, providing an enterprise-wide view of monitoring and auditing across all file systems.
9. The apparatus as described in claim 8 wherein the computer program instructions further include program code sending the audit trail data to a central location remote from the plural file systems.
The invention relates to a system for managing and auditing file operations across multiple file systems. The problem addressed is the lack of centralized tracking and auditing of file access and modifications in distributed computing environments, which can lead to security vulnerabilities, compliance issues, and difficulties in forensic investigations. The apparatus includes a plurality of file systems, each storing files and metadata. A monitoring module is integrated with each file system to detect file operations such as read, write, delete, and modify actions. The monitoring module generates audit trail data for each detected operation, including timestamps, user identifiers, and operation details. A processing module analyzes the audit trail data to identify patterns, anomalies, or unauthorized activities. The apparatus further includes a communication module that transmits the audit trail data to a central location remote from the file systems. This centralization allows for consolidated storage, analysis, and reporting of file operations across all monitored systems. The central location may be a server or database accessible by authorized personnel for compliance audits, security monitoring, or forensic investigations. The system ensures that file operations are logged consistently and securely, providing a comprehensive record of activities for regulatory compliance and security enforcement. The remote transmission of audit data ensures that logs are preserved even if individual file systems are compromised or tampered with.
10. The apparatus as described in claim 8 wherein the given action is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity.
This invention relates to a security apparatus for monitoring and controlling access to file system resources in a computing environment. The problem addressed is the need to detect and respond to unauthorized or suspicious file system access activities, ensuring data security and compliance. The apparatus includes a monitoring component that tracks file system access events, such as read, write, or delete operations, and a processing component that analyzes these events against predefined rules or policies. When a file system access event matches a rule, the apparatus triggers a predefined action. These actions include issuing an alert to administrators, performing an audit activity to log the event for compliance purposes, restricting access to the file system resource to prevent further unauthorized access, or generating a report on the file system access activity for review. The apparatus may also include a configuration interface that allows administrators to define the rules and corresponding actions, as well as a storage component to retain historical access data for analysis. The system ensures that file system access is monitored in real-time, with automated responses to potential security threats, reducing the risk of data breaches and ensuring compliance with security policies.
11. The apparatus as described in claim 8 wherein the audit trail data is received continuously and in real-time with respect to the file system access activity.
The invention relates to a system for monitoring and auditing file system access activity in real-time. The problem addressed is the need for continuous, up-to-date tracking of file system operations to ensure security, compliance, and operational transparency. Traditional auditing methods often rely on periodic logging, which can miss critical events or introduce delays in detection. The apparatus includes a monitoring module that captures file system access events, such as file reads, writes, deletions, or permission changes, as they occur. These events are processed and stored as audit trail data, which includes timestamps, user identifiers, and details of the accessed files. The system ensures that this data is received continuously and in real-time, meaning there is no significant delay between the file system activity and its recording in the audit log. This real-time capability allows for immediate detection of unauthorized access, policy violations, or suspicious behavior. The apparatus may also include a filtering mechanism to prioritize or categorize events based on predefined criteria, such as file sensitivity or user permissions. Additionally, it may integrate with security or compliance tools to trigger alerts or automated responses when anomalies are detected. The system is designed to operate without disrupting normal file system operations, ensuring minimal performance impact while maintaining comprehensive audit coverage. This approach enhances security posture by providing actionable insights into file system activity as it happens.
12. The apparatus as described in claim 8 wherein the security policy provided to a first file system differs from the security policy provided to a second file system distinct from the first file system.
A system for managing security policies in a computing environment with multiple file systems addresses the challenge of enforcing different security requirements across distinct file systems. The system includes a policy management module that generates and applies security policies to file systems based on their specific needs. Each file system operates independently, allowing the policy management module to assign unique security policies to different file systems. For example, a first file system may enforce stricter access controls, encryption, or audit logging compared to a second file system, which may have more relaxed policies. The system ensures that security policies are dynamically applied and enforced without requiring manual configuration for each file system. This approach improves security flexibility and reduces administrative overhead by centralizing policy management while accommodating diverse security requirements across different file systems. The system is particularly useful in environments where multiple file systems must adhere to varying compliance or operational standards.
13. The apparatus as described in claim 8 wherein the computer program instructions further include program code defining the security policy, the security policy having one or more file system-specific rules.
This invention relates to a computer-implemented security system for managing access to file systems. The system addresses the challenge of enforcing consistent security policies across different file systems, which often have varying structures and access control mechanisms. The apparatus includes a processor and a memory storing computer program instructions that define a security policy with file system-specific rules. These rules govern how files and directories are accessed, modified, or shared within the file system, ensuring compliance with organizational or regulatory requirements. The security policy can be dynamically updated to adapt to changing security needs. The apparatus also includes a policy enforcement module that interprets the security policy and applies it to file system operations, such as read, write, or delete actions. The system may further include a monitoring module to log security events and detect policy violations. By integrating file system-specific rules into a centralized security policy, the invention provides a unified approach to managing access control across heterogeneous file systems, reducing the risk of unauthorized access or data breaches. The system is particularly useful in environments where multiple file systems with different access control models must adhere to a common security framework.
14. The apparatus as described in claim 13 wherein the given action taken is based on the one or more file system-specific rules.
A system for managing file operations in a computing environment addresses the challenge of ensuring consistent and secure file handling across different file systems. The system includes a monitoring module that detects file operations such as creation, modification, or deletion. An analysis module evaluates these operations against predefined rules specific to the file system being used. These rules may include permissions, access controls, or compliance requirements unique to the file system. Based on the analysis, an action module executes a response, such as allowing, blocking, or logging the operation. The system dynamically adapts to different file systems by applying their respective rules, ensuring that file operations comply with system-specific policies. This approach enhances security and consistency by enforcing file system-specific regulations during file operations.
15. A computer program product comprising computer program instructions on non-transitory computer-readable media, the computer program instructions executed by a processor to improve a file system monitoring system operating in association with plural file systems in an enterprise computing environment, the computer program instructions comprising: program code to probe the enterprise computing environment to discover the plural file systems; program code providing each of the plural file systems discovered with a software agent that runs locally in the file system to collect file system access activity local to the file system together with network segment traffic that is visible to the software agent; program code providing each of the plural file systems with a security policy, the security policy defining one or more file system access activities to be monitored and enforced at the file system by the software agent; program code receiving from each of the plural file systems audit trail data, the audit trail data having been generated locally as file system access activity is intercepted at the file system by the software agent in accordance with the security policy, the audit trail data including any network segment traffic that is visible to the software agent, and one or more classifiers generated by the software agent to classify file system activity that involves sensitive data or application-specific details; and program code storing the audit trail data received from the plural file systems; and program code applying the security policy against the audit trail data received from at least one of the plural file systems and, in response thereto, to take a given action; wherein the security policies for the plural file systems are managed and applied centrally for the enterprise computing environment to provide an enterprise-wide view of monitoring and auditing of file system access for the plural file systems while file access activity is collected, enforced and classified locally by the software agent.
This invention relates to a file system monitoring system for enterprise computing environments. The system addresses the challenge of centrally managing and auditing file system access across multiple file systems while ensuring local enforcement and classification of sensitive data activity. The solution involves a computer program product that deploys software agents to each file system in the enterprise. These agents collect local file system access activity and network segment traffic visible to them, enforcing predefined security policies that define which activities to monitor. The agents generate audit trail data, including classifiers for sensitive data or application-specific details, and transmit this data to a central system. The central system stores and analyzes the audit data, applying security policies to trigger actions such as alerts or access restrictions. This approach provides a unified, enterprise-wide view of file system monitoring while maintaining local enforcement and classification capabilities. The system ensures consistent security policy application across all file systems, improving visibility and control over file access activities in large-scale environments.
16. The computer program product as described in claim 15 further including program code sending the audit trail data to a central location remote from the plural file systems.
The invention is a system and method for managing and auditing file operations across multiple file systems. The technology addresses the challenge of tracking and securing file access and modifications in distributed environments where files are stored across different systems, making centralized monitoring and compliance difficult. The invention provides a solution by generating an audit trail that records file operations, such as reads, writes, and deletions, across plural file systems. The audit trail data includes timestamps, user identifiers, and operation details, ensuring accountability and traceability. The system further includes a mechanism to send this audit trail data to a central location remote from the file systems, enabling centralized analysis, reporting, and compliance monitoring. This centralized approach simplifies auditing, enhances security, and ensures that file operations are logged and reviewed in a consistent manner, regardless of where the files are stored. The invention may also include additional features such as real-time monitoring, alerting for suspicious activities, and integration with existing security and compliance frameworks. By consolidating audit data from multiple file systems into a single location, the system improves visibility, reduces administrative overhead, and strengthens data governance.
17. The computer program product as described in claim 15 wherein the given action is one of: issuing an alert, performing an audit activity, restricting access to a file system resource, and reporting on the file system access activity.
A system monitors file system access activities to detect and respond to unauthorized or suspicious actions. The system tracks file operations such as reads, writes, deletions, or modifications, comparing them against predefined security policies or behavioral patterns. When a deviation or violation is detected, the system triggers a predefined action. These actions include issuing alerts to administrators, performing automated audit activities to log the event, restricting access to the affected file system resource to prevent further unauthorized access, or generating reports on the access activity for compliance or forensic analysis. The system integrates with existing file systems and security frameworks to provide real-time monitoring and enforcement of access controls. This approach enhances security by proactively identifying and mitigating risks associated with file system misuse or breaches.
18. The computer program product as described in claim 15 wherein the audit trail data is received continuously and in real-time with respect to the file system access activity.
This invention relates to a computer program product for monitoring and auditing file system access activity in real-time. The system captures and processes audit trail data continuously as file system operations occur, providing immediate visibility into access patterns, modifications, and potential security threats. The solution addresses the need for timely detection of unauthorized access or malicious activity by eliminating delays in data collection and analysis. The program product includes a monitoring module that intercepts file system calls and logs detailed audit trail data, such as timestamps, user identities, accessed files, and operation types (e.g., read, write, delete). This data is transmitted to an analysis module, which processes it in real-time to identify anomalies, policy violations, or suspicious behavior. The system may also integrate with security tools to trigger alerts or automated responses based on detected threats. The invention ensures that audit data is captured without gaps or latency, enabling proactive security measures and compliance with regulatory requirements. By continuously monitoring file system activity, organizations can detect and respond to threats faster, reducing the risk of data breaches or unauthorized modifications. The solution is applicable to various environments, including enterprise networks, cloud storage systems, and critical infrastructure where real-time monitoring is essential.
19. The computer program product as described in claim 15 wherein the security policy provided to a first file system differs from the security policy provided to a second file system distinct from the first file system.
This invention relates to computer security systems, specifically methods for managing security policies across multiple file systems. The problem addressed is the need for differentiated security policies in environments where multiple file systems operate, ensuring that each file system can enforce distinct security rules tailored to its specific requirements. The invention involves a computer program product that implements a security policy management system. This system allows for the assignment of different security policies to different file systems within a computing environment. A first file system is provided with a security policy that differs from the security policy assigned to a second, distinct file system. The security policies govern access control, data protection, and other security measures, enabling customized security enforcement based on the needs of each file system. The system ensures that security policies are applied consistently and dynamically, adapting to changes in the file systems or security requirements. This approach enhances security flexibility and reduces the risk of unauthorized access or data breaches by allowing granular control over security measures across multiple file systems.
20. The computer program product as described in claim 15 wherein the computer program instructions further include program code defining the security policy, the security policy having one or more file system-specific rules.
This invention relates to computer security, specifically to a system for enforcing security policies on file systems. The problem addressed is the need for granular control over file system access to prevent unauthorized data exposure or modification. Traditional security mechanisms often lack fine-grained rules tailored to specific file systems, leading to either overly permissive or overly restrictive access controls. The invention provides a computer program product that includes instructions for defining and enforcing a security policy with file system-specific rules. These rules dictate how files and directories can be accessed, modified, or shared based on attributes such as user permissions, file types, or system context. The security policy is dynamically applied to file system operations, ensuring compliance with predefined security requirements. The system may also include mechanisms to log violations or trigger alerts when access attempts breach the policy. The invention further allows for customization of security policies to different file systems, enabling organizations to enforce distinct rules for sensitive data, shared resources, or temporary files. This flexibility helps balance security needs with operational efficiency. The program product may be integrated into existing file system management tools or operate as a standalone security layer. The overall goal is to provide a scalable and adaptable solution for protecting file system resources from unauthorized access or malicious activities.
21. The computer program product as described in claim 20 wherein the given action taken is based on the one or more file system-specific rules.
A system and method for managing file operations in a computing environment involves processing file system-specific rules to determine actions for file operations. The system monitors file operations such as creation, modification, deletion, or access of files within a file system. When a file operation is detected, the system evaluates predefined rules that are specific to the file system's structure, permissions, or policies. These rules may include conditions such as file type, user permissions, or directory location. Based on the evaluation, the system determines an appropriate action, such as allowing, denying, or modifying the file operation. The system may also log the operation for auditing or apply additional security measures. The rules are configurable and can be updated to adapt to changing file system requirements or security policies. This approach ensures consistent enforcement of file system policies and enhances security by preventing unauthorized or malicious file operations. The system is particularly useful in environments where strict control over file access and modifications is necessary, such as enterprise networks or regulated industries.
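An added sketch (not code from the patent or its assignee) of the central step recited in claims 1, 3 and 5 to 7: audit records arriving from agents are stored, then checked against per-file-system rules that each select one of the four listed actions. The class and field names, the sample policies and records, and the treatment of records from a file system that has no policy are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from enum import Enum
from fnmatch import fnmatch
from typing import Optional


class Action(Enum):
    # The four "given actions" enumerated in claims 3, 10 and 17.
    ALERT = "alert"
    AUDIT = "audit"
    RESTRICT = "restrict"
    REPORT = "report"


@dataclass(frozen=True)
class AuditRecord:
    fs_id: str               # file system whose agent produced the record
    user: str
    operation: str           # e.g. read, write, delete
    path: str
    classifiers: tuple = ()  # labels attached locally by the agent, e.g. "PII"


@dataclass(frozen=True)
class Rule:
    name: str
    operations: frozenset
    path_glob: str
    classifier: Optional[str]  # None: rule applies whatever the classifiers
    action: Action

    def matches(self, rec: AuditRecord) -> bool:
        return (rec.operation in self.operations
                and fnmatch(rec.path, self.path_glob)
                and (self.classifier is None
                     or self.classifier in rec.classifiers))


# Constructed policies: the two file systems get different rule sets (claim 5),
# and each rule carries the action it triggers (claims 6 and 7).
POLICIES = {
    "nfs-finance": [
        Rule("pii-read", frozenset({"read", "write"}), "/finance/*", "PII",
             Action.ALERT),
        Rule("finance-delete", frozenset({"delete"}), "/finance/*", None,
             Action.RESTRICT),
    ],
    "smb-scratch": [
        Rule("pii-on-scratch", frozenset({"write"}), "*", "PII", Action.REPORT),
    ],
}

# Constructed audit trail records, as two agents might send them.
SAMPLE_RECORDS = [
    AuditRecord("nfs-finance", "alice", "read", "/finance/q3/payroll.xlsx", ("PII",)),
    AuditRecord("nfs-finance", "bob", "delete", "/finance/q3/ledger.db"),
    AuditRecord("smb-scratch", "bob", "delete", "/scratch/tmp/build.log"),
    AuditRecord("smb-scratch", "carol", "write", "/scratch/export/customers.csv", ("PII",)),
]


class CentralMonitor:
    """Stores audit trail data and applies each file system's policy to it."""

    def __init__(self, policies):
        self.policies = policies
        self.trail = []                      # every record is kept, matched or not
        self.actions = defaultdict(Counter)  # fs_id -> count per action

    def receive(self, rec: AuditRecord):
        self.trail.append(rec)
        rules = self.policies.get(rec.fs_id)
        if rules is None:
            # Assumption: a record from a file system with no assigned policy
            # is itself logged as an audit finding rather than dropped.
            hits = [("unknown-file-system", Action.AUDIT)]
        else:
            hits = [(r.name, r.action) for r in rules if r.matches(rec)]
        for _, action in hits:
            self.actions[rec.fs_id][action.value] += 1
        return hits

    def enterprise_view(self):
        # One summary across all file systems: actions taken per file system.
        return {fs: dict(counts) for fs, counts in self.actions.items()}


if __name__ == "__main__":
    monitor = CentralMonitor(POLICIES)
    for record in SAMPLE_RECORDS:
        print(record.fs_id, record.operation, record.path, monitor.receive(record))
    print(monitor.enterprise_view())
```

The same delete operation by the same user is restricted on one file system and ignored on the other, which is the practical effect of per-file-system rules under a single central evaluator.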
October 29, 2019